Fortigate NSE 4 6.2 Security

Upgrade firmware process

1. Backup configuration 2. Download a copy of the current firmware (Incase you need to go back) 3. Physically connect to console 4. Read release notes for the upgrade path 5. Perform upgrade

What do you do if the security fabric fortigates have a synching conflict

1. Click open synchronization wizard in the yellow error text box 2. Check which fortigate is out of synch and click next 3. See the issue and click resolve conflicts 4. There will be both an automatic and manual resolution option Done

Downgrade firmware process

1. Get the pre upgrade configuration file 2. Download a copy of the current firmware 3 physically connect to console port 4 read release notes to see if downgrade preserves configuration 5 downgrade 6 upload the matching configuration if needed

What is default management IP on fortigate

192.168.1.99

EIGRP administrative distance

90

What can you do if you want to list CLI commands

<command set> ?

What are interface aliases

A description for the interface

Aside from password what else can admins use to authenticate

A digital certificate Or Fortigate can query an authentication server

Fortinet security fabric

A fortinet solution that enables the communication and visibility between devices of your network Connects fortinet devices and enables a single pane of glass view. Devices are integrated onto a single console for management and security. All devices will be connected in the fabric so there is less security issues that come with multiple vendors. Security fabric allows visibility into the network

What is dangerous about SSL

A virus can pass through SSL unless full (deep)SSL inspection is enabled

What fortigate solution enhances performance and reduces latency for specific features and traffic

Acceleration hardware called SPU

What happens when the fortigate synch in the security fabric

Addresses, services, and schedules are synced

What is REST API Admin for

Adds an administrative user who will use a custom application to access the fortigate with a REST API

Default user and pass

Admin Blank

How to back up configuration

Admin profile > configuration > backup

Two device identification techniques

Agentless and agent (forticlient)

What is the allow concurrent session setting in the system settings

Allows multiple sessions in GUI and or CLI and prevents accidentally overriding settings

What is a requirement to use interfaces on fortigate (policies, routes etc)

An IP address

EIGRP (Enhanced Interior Gateway Routing Protocol)

An advanced distance vector protocol used to advertise routes between routers Metric value- bandwidth, load, delay, reliability, and MTU (Default are bandwidth and delay)

How can you configure fortigate as a DHCP server

At the interface level Network > interfaces > dhcp on

Once the root and downstream fortigates are configured for the security fabric what is needed to finalize the connection

Authorizing the downstream FortiGate's on the root fortigate and in fortianalyzer submit the final authorization

Administration methods for fortigate

CLI and GUI

What's two of the first things you need to do when login in fortigate for first time

Change default password and create administrator accounts

What is enabled on the mid-high range FortiGate's mgmt interface

DHCP server

What is an interface role for

Defines interface setting typically grouped together WAN LAN DMZ undefined Some Settings will be hidden in the GUI depending on the role

Different deployment modes for firewall

Distributed enterprise Next generation firewall Internal segmentation firewall Data center firewall

When configuring fortigate as a DHCP server to restrict access by MAC address what does the assign IP option do

Dynamically assigned an ip to the MAC address (Reserve will assign a specific ip)

What is the RADIUS protocol used for

Enabled on an interface when fortigate needs to listen for RADIUS packets for SSO authentication

When does fortigate query the FDN and what protocol

Everytime it scans for spam or filtered websites. If queries instead of downloading the database because the size of the DB changes frequently UDP or HTTPS

Importance reminder when upgrading firmware versions

FOLLOW UPGRADE PATH

True or false: security fabric does not support split task Vdom

False it does and will display both the FG-traffic Vdom and root Vdom on the security fabric topology map It must be enabled in global > dashboard > status

True or false. You cannot change the administrative protocols port numbers

False. You should for security

Benefits of fortigate VM

Faster deployment and tear down also may be cheaper if you use cheaper/larger hardware to run the VM on

What is the CAPWAP protocol used for

FortiAP, fortiswitch, and fortiextender

What is FTM in the interface protocols

FortiToken mobile push will support authentication on the interface from FortiToken

What combination of devices must participate in the security fabric

Fortianalyzer and two or more fortigates

What is agent device detection

Forticlient

What is the core of the security fabric

Fortigate and fortianalyzer

Describe the architectural structure of fortigate

Fortigate is a modular design. The hardware is advanced. Special ASIC designed by fortinet and specialized CP and NP CPU chips make fortigate a carrier grade device. It enables you to simplify your network and cut down on the number of needed devices. Sitting on the advanced circuitry is FOrtiOS. Fortigate can operate as a NGWF with antivirus, web filtering, and IPS. It's flexible allowing for a simple operation and can also be a sophisticated NGFW with advanced capabilities such as UTM. It is vendor neutral and also offers subscription services to further advance capabilities and support.

Explain transparent mode

Fortigate is an OSI layer 2 switch Interfaces do not have IP Forwards frames based on MAC and cannot route packets

Explain NAT mode

Fortigate is an OSI layer 3 router Interfaces have IPs Packets are routed by IP

What is SSL certificate inspection

Fortigate uses the SNI to distinguish the hostname of the SSL server which is validated against the DNS. The only security feature that can be applied with this mode is web filtering. It does not inspect encrypted data

What protocol is used when the role LAN or WAN is assigned to an interface

Fortigate will use LLDP to detect if there is an upstream fortigate

What is recommended to be added to the core of the security fabric

Fortimanager FortiAP Fortiswitch Forticlient Fortisandbox Fortimail

Name some security fabric products

Fortinac Forticlient Forti Authenticator FortiAP FortiSwitch Fortigate FortiWPC Fortiweb Fortimail Forticlient FortiEDR FortiAnalyzer FortiSIEM Fortisandbox FortiSOAR FortiManager Fortigate cloud Forticloud

How can fortigate answer DNS queries

Forward- relays requests the configured next server in the DNS settings Non recursive- uses the fortinet DNS DB to resolve queries Recursive- uses the fortigate DNS data base first and then will relay unresolved queries

CLI command to get fortigate status

Get system status

CLI command to see firmware version and GUI path

Get system status System > firmware

What are the management protocols

HTTP HTTPS SSH PING

CP (CP8 and CP9)

High speed content inspection Content processor that accelerates Antivirus Attack detection Encryption and decryption (SSL) Not bound to an interface

What feature prevents an admin from staying logged in indefinitely

Idle timeout feature (it can be overridden under admin profiles)

When do you need to set up a DNS database in the fortigate

If you Choose to have the fortigate DNS server resolve queries

Benefit of hiding features

If you don't use a feature you can disable showing it on the GUI under feature visibility

What is the trusted host feature

It allows you to assign a specific IP or network to an admin profile so only a device with the specified IP is allowed to sign into the profile

How does fortigate check content for spam or malicious websites

Live queries to fortiguard over UDP

Link aggregation

Logically binds interfaces together to form a single channel with great bandwidth (almost like EtherChannel) Network > interfaces > create new > interface > type 802.3ad aggregate

To restore an encrypted configuration to a fortigate what do you need to match

Model Firmware Build number Password

What is the default fortigate mode

NAT

What are the two modes a fortigate can operate in

Nat and transparent

How do you disable or enable administrative protocol access on ports

Network < interfaces Or Set allowaccess <ping> <https> <ssh> <http> <telnet> etc etc

When configuring fortigate as a DNS server which resolution method use the fortigate DNS DB To try and resolve queries

Non recursive

What is Nturbo

Offloads flow based security profile (packet by packet sessions) to the NP4 or NP6 processors (if it's disabled then the CPU handles it)

How to enable the security fabric

On the Root fortigate, security fabric > fabric connectors > enable security fabric connection on the root fortigate interfaces that face any downstream fortigates, configure a fabric name, configure the fortianalyzer IP Configure the downstream devices in the fabric connectors settings 1. Enable security fabric connections and device detection on the interfaces facing downstream FortiGate's 2. Select join existing fabric and add the root (upstream) fortigate IP

When are antivirus and IPS packages downloaded and what transport protocol is used to download them

Once a day using TCP

What is an exception to the rule that every running interface must have an IP address

One arm sniffer which purely receives a copy of processed traffic for logging purposes

NP

Packet processing NP6 (nturbo) Attached to a network interface Network processors that offload processing of high volume network traffic from the CPU

When restoring an encrypted system configuration file in addition to needing the fortigate model and firmware version from the time the configuration file was produced what must you also provide

Password

What port is the built in DHCP server enabled on

Port 1

What port do you plug Your computer into to begin configuration (two answers )

Port one or the internal switch ports on entry level Or the management interface on mid-High end models

What is the console port for on fortigate

Used for CLI access without internet (GUI access). Can be used with a terminal emulator

Agentless device identification and the detection methods

Requires direct connectivity to fortigate Detection methods: HTTP user agent TCP fingerprinting MAC address vendor codes DHCP MWBS Microsoft Windows browser service SIP use agent LLDP SSDP QUIC FORTIOS VM DETECTION

What are the neighbor requirements for a router using EIGRP

Same AS# Common subnet K values need to match in the metric formula

To restore an unencrypted configuration to a fortigate what do you need to match

Same model

SPU and what are the 3 types

Security processing unit Specialized acceleration hardware that can offload resource intensive processing from the main CPU CP- content processor SP- security processor NP- network processor

SP (SP3)

Security processors accelerate IPS for better system performance Bound to an interface

SNI

Server name identification sent during the beginning of SSL handshake that fortigate used to identify the server. Used in SSL certificate inspection

Where can you see how much data is being offloaded to the special processors

Session dashboard widget in GUI shows percentage

CLI command to list attributes for an interface

Show full-configuration system interface <port>

CLI command to show non default attributes for a port

Show system interface <port>

What happens if admin password is lost or reset

Shut fortigate down physically Plug into console port Maintainer account will be available for 60 seconds Password is bcpb<serial-number>

Which admin profile had global fortigate access

Super_admin

What are the two default admin profiles (explain each)

Super_admin - full access cannot be changed and applies to the global fortigate settings Prof_admin - full access applies only to it's VDOM and can be changed

SOC3

System on a chip. Contains the CPU, CPs, NPs and SPs

What port does package update from Fortiguard come in on

TCP 443 (SSL)

As best security practice when configuring administrative access which protocol should be disabled

Telnet

How do you access the CLI

The JavaScript widget in the GUI called CLI console or through a terminal emulator connected through console port

What are fortiguard subscription services

They provide fortigate with up to date threat intelligence from the fortiguard distribution network (FDN)

True or false: configuration back up can be encrypted and produces a hash value

True

True or false: there must be at least 1 static route (default route)

True

An admin tries logging in and receives error "unable to contact server" why?

Trusted host is configured on all admin accounts and user tried signing in on a nontrusted IP

What is two factor authentication

Two forms of identification are required to verify identity and sign int. Can be a digital signature but is usually paired with FortiToken

What is needed to preauthorize the downstream fortigates when configuring the root fortigate for the security fabric

Under the security fabric settings on the root fortigate > allow other fortigate devices to joint > add serial number and device information to the trusted list

What does UTM stand for?

Unified threat management

What direction does the LAN run to the internet and what direction from the physical cabling to the private virtual network

Vertically Horizontal

When would you enable FMG access on an interface

When using fortimanager

Do you need internet for the FDN subscription services

Yes

What are the DHCP IP address assignment rules for

You can assign block or reset an IP for a host. You can also allow only certain MACs a dhcp assignment. You can also reserve IPs for certain MACs

Disadvantage of fortigate VM

You will be using a generic CPU instead of the special fortASIC that is only made by fortinet. Therefore performance will be downgraded